"'Hacker' Pleads Guilty in AT&T CASE: Sentence Urged for
Md. Man Among Stiffest Yet for Computer Crime"
By Mark Potts/Washington Post Staff Writer
BALTIMORE, March 22--A computer "hacker" who was trying to help others
steal electronic passwords guarding large corporate computer systems
around the country today pleaded guilty to wire fraud in a continuing
government crackdown on computer crime.
Federal prosecutors recommended that Leonard Rose Jr., 32, of
Middletown, Md., be sent to prison for one year and one day, which
would be one of the stiffest sentences imposed to date for computer
crime. Sentencing is scheduled for May before U.S. District Judge J.
Frederick Motz.
Cases such as those of Rose and a Cornell University graduate student
who was convicted last year of crippling a nationwide computer network
have shown that the formerly innocent pastime of hacking has
potentially extreme economic ramifictions. Prosecutors, industry
officials and even some veteran hackers now question the once popular
and widely accepted practice of breaking into computer systems and
networks in search of information that can be shared with others.
"It's just like any other form of theft, except that it's more subtle
and it's more sophisticated," said Geoffrey R. Garinther, the
assistant U.S. attorney who prosecuted the Rose case.
Rose--once part of a group of maverick hackers who called themselves
the Legion of Doom--and his attorneys were not available for comment
after the guilty plea today. The single fraud count replaced a
five-count indictment of the computer programmer that was issued last
May after a raid on his home by Secret Service agents.
According to prosecutors, Rose illegally obtained information that
would permit him to secretly modify a widely used American Telephone &
(See HACKER, A10, Col 1)
Telegraph Co. Unix software program--the complex instructions that
tell computers what to do. The two former AT&T software emplyees who
provided these information "codes" have not yet been prosecuted.
Rose altered the AT&T software by inserting a "Trojan horse" program
that would allow a hacker to secretly gain access to the computer
systems usng the AT&T Unix softare and gather passwords used on the
system. The passwords could then be distributed to other hackers,
permitting them to use the system without the knowledge of its
rightful operators, prosecutors said.
Rose's modifications made corporate purchasers of the $77,000 AT&T
Unix program vulnerable to electronic break-ins and the theft of such
services as toll-free 800 numbers and other computer-based
telecommunications services.
After changing the software, Rose sent it to three other computer
hackers, including one in Chicago, where authorities learned of the
scheme through a Secret Service computer crime investigation called
Operation Sun Devil. Officials say they do not believe the hackers
ever broke into computer systems.
At the same time he pleaded guilty here, Rose pleaded guilty to a
similar charge in Chicago; the sentences are to be served
concurrently, and he will be eligible for parole after 10 months.
Rose and his associates in the Legion of Doom, whose nickname was
taken from a gang of comic-book villains, used names like Acid Phreak
Terminus--Rose's nickname--as their computer IDs. They connected their
computers by telephone to corporate and government computer networks,
outwitted security screens and passwords to sign onto the systems and
rummaged through the information files they found, prosecutors said.
Members of the group were constantly testing the boundaries of the
"hacker ethic," a code of conduct dating back to the early 1960s that
operates on the belief that computers and the information on them
should be free for everyone to share, and that such freedom would
accelerate the spread of computer technology, to society's benefit.
Corporate and government computer information managers and many law
enforcement officials have a different view of the hackers. To them,
the hackers are committing theft and computer fraud.
After the first federal law aimed at computer fraud was enacted in
1986, the Secret Service began the Operation Sun Devil investigation,
which has since swept up many members of the Legion of Doom, including
Rose. The investigation has resulted in the arrest and prosecution of
several hackers and led to the confiscation of dozens of computers,
thousands of computer disks and related items.
"We're authorized to enforce the computer fraud act, and we're doing
it to the best of our ability," Garry Jenkins, assistant director of
investigations for the Secret Service, said last summer. "We're not
interested in cases that are at the lowest threshold of violating the
law...They have to be major criminal violations before we get
involved."
The Secret Service crackdown closely followed the prosecution of the
most celebrated hacker case to date, that of Robert Tappan Morris
Cornell Univesity computer science graduate student and son of a
computer sicentist at the Natonal Security Agency. Morris was
convicted early last year of infecting a vast nationawide computer
network in 1988 with a hugely disruptive computer "virus," or rogue
instructions. Although he could have gone to jail for five years, Mo
$10,000, given three years probation and ordered to do 400 hours of
community service work.
Through Operation Sun Devil and the Morris case, law enforcement
authorities have begun to define the boundaries of computer law.
Officials are grappling with how best to punish hackers and how to
differentiate between mere computer pranks and serious computer
espionage.
"We're all trying to get a handle for what is appropriate behavior in
this new age, where we have computers and computer networks linked
together," said Lance Hoffman, a computer science professor at George
Washington University.
"There clearly are a bunch of people feeling their way in various
respects," said David R. Johnson, an attorney at Wilmer, Cutler &
Pickering and an expert on computer law. However, he said, "Things
are getting a lot clearer. It used to be a reasonably respectable
argument that people gaining unauthorized access to computer systems
and causing problems were just rambunctious youth." Now, however, the
feeling is that "operating in unauthorized computing spaces can be an
antisocial act," he said.
Although this view is increasingly shared by industry leaders, some
see the risk of the crackdown on hackers going to far. Among those
concerned is Mitch Kapor, the inventor of Lotus 1-2-3, the
best-selling computer "spreadsheet" program for carrying out
mathematical and accounting analysis. Kapor and several other
computer pioneers last year contributed several hundred thousands
dollars to set up the Electron Freedom Foundation, a defense fund for
computer hackers.
EFF has funded much of Rose's defense and filed a friend-of-the-court
brief protesting Rose's indictment.
--end of article--
From: The Washington Post, Tuesday March 26, 1991, Page A3.
CORRECTION [to Saturday March 23, 1991 article]
"Leonard Rose, Jr., the Maryland computer hacker who pleaded guilty
last week to two counts of wire fraud involving his illegal possession
of an American Telephone & Telegraph Co. computer program, was not a
member of the "Legion of Doom" computer hacker group, as was reported
Saturday, and did not participate in the group's alleged activities of
breaking into and rummaging through corporate and government computer
systems."